LiveZilla &lt; 5.1.2.1 Multiple Vulnerabilities

Description

The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities :

The application is affected by multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version 5.1.2.0.
(CVE-2013-7003, CVE-2013-7032)

The application insecurely stores credentials that are accessible via JavaScript. An attacker can gain access to these credentials by exploiting a cross-site scripting vulnerability. Note that the vendor update partially fixes the issue by storing the credentials as MD5 hashes. (CVE-2013-7033)

The application is affected by a PHP object injection vulnerability because it fails to properly sanitize user-supplied input to the 'setCookieValue()' function of the '_lib/functions.global.inc.php' script.
(CVE-2013-7034)

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017